potential unsafe use of wrappedJSObject

RESOLVED FIXED

Status

Cloud Services
Share: Firefox Client
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: philikon, Assigned: philikon)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

+++ This bug was initially created as a clone of Bug #647329 +++

The F1 extensions uses wrappedJSObject to access properties/functions of the webcontent in panel.js. Use of wrappedJSObject is discouraged since content script may potentially override properties/function, leading to unexpected behavior.

The extension appears to work without the need for wrappedJSObject in my testing. The attached patch is what I used for testing. 

wrappedJSObject in injector.js should be safe due to the use of Cu.evalInSandbox()
I'm addressing this as part of the refactoring necessary for bug 645802.
Assignee: nobody → philipp
Status: NEW → ASSIGNED
Depends on: 645802
(Assignee)

Updated

7 years ago
Blocks: 651668
Bug 645802 got rid of all uses of window.wrappedJSObject.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(In reply to comment #4)
> Is wrappedJSObject needed in observe?
> 
> https://hg.mozilla.org/users/pweitershausen_mozilla.com/fx-share/file/d93ecae862c4/services/share/modules/panel.js#l552

Yes. This is on the subject, specified as an nsISupports value in nsIObserverService::notifyObservers. If you pass around a JS object across XPCOM borders, this how you unwrap it from being a dumb nsISupports stub back to the actual JS object.
You need to log in before you can comment on or make changes to this bug.